Two other (random) notes here...you mention 520s, which are older appliances, but you also mention implementing new systems...could you clarify what version we're dealing with?
Also, (on the "gotchas" front) you mention that there's a checkpoint cluster involved. If you're running them active/active and using MAC multicast you'll probably need to turn auto-lasthop off, as the BigIP will track the last *physical* MAC that the traffic sourced from as opposed to the floating MAC that the Checkpoints will try and use if you're running active/active.
-Matt